Risk Appetite: Are You Hungry for Risk?
by François Masquelier, Head of Corporate Finance and Treasury, RTL Group, and Honorary Chairman, EACT
Risk appetite… this notion is something of a paradox in times of crisis. Generally speaking, no one likes risk; we all strive to limit it as much as possible. However, behind this notion is hidden the idea of determining a company’s profile. Without a precise definition of its profile, how can one adopt the appropriate strategy that would be approved by the company’s shareholders? Defining this profile is a prerequisite for ERM (Enterprise Risk Management). In this article, we will demystify this somewhat confusing concept.
‘Risk appetite’ or ‘risk profile’?
The touchy subject of ‘risk appetite’ always sparks heated debates. The term itself originated in the English-speaking world, and the approach is not universally embraced. Many CFOs prefer the idea of a ‘risk profile’, which is less harsh and more ‘sellable’ internally. Having an appetite for risk is a strange concept, isn’t it? Generally speaking, no one is hungry for risk. Yet this notion, which everyone agrees is complex and even a bit mysterious, is nevertheless the cornerstone of an actual ERM (Enterprise-wide Risk Management) process. The ERM policy must or should contain the foundations of ‘risk appetite’ in its set of defined rules. Within this concept, there is the idea of measuring the types of risk that the company is willing to keep and those that it is prepared to sell, to eliminate or to mitigate by various means, and to incorporate this into the group’s risk management strategy (see British Standard Institute’s Code of Practice on Risk Management BS 31100 published in October 2008 – www.bsigroup.com).
The companies risk appetite cannot go against its fundamental, founding values. It all must be consistent.
As many ‘risk appetite’ concepts as companies
This concept varies from company to company, depending on their own risk culture and on the industry, the degree of centralisation and the maturity of the ERM process. Just as there is no single ERM solution applicable to every company, neither is there a miracle ‘risk appetite’ solution that applies to every organisation. Although the criteria are often quantifiable (e.g., credit rating minimum, leverage maximum, cash flow at risk with set limits, maximum risk concentration level per client, and others), the same is not always true of risk appetite. As a result, it is not based solely on numbers, but is also influenced by principles and measurements related to social or environmental considerations and reputation. This notion will therefore also be defined by more qualitative criteria, such as maximum tolerance to operational risk, minimum compliance with current regulations, and others.
This risk appetite charter must specify what is acceptable and what is not. The degree of risk ‘acceptability’ must be determined based on the strategy adopted by the senior management and must meet the expectations of the company’s stakeholders. The next step is to determine what has to be covered and what does not, what can remain exposed and what cannot. One golden rule would be always to ask whether a shareholder or employee would be surprised by the announcement of a loss due to the particular risk in question. Unacceptable risk is a risk that would not contribute to attaining the company’s strategic vision or would not provide a strategic or competitive advantage for the company. In order to establish precisely what the appropriate level of risk appetite is, it is first necessary to test the likelihood of a worst-case event and its consequences in financial terms. From there, one could say that all ERM measures should then fall into place. We might compare this concept to a car, when we say that the better the brakes, the faster it can go. Simply put, in order to learn how to drive faster, one must be aware of the car’s potential, its technical limitations and its breaking ability. This is the approach that will generate added value for a commercial company. The British BS 31100 document may become a benchmark for defining risk profile.